A new phishing scam is capitalizing on the COVID-19 pandemic, seeking to steal credentials of healthcare workers with the promise of a “coronavirus awareness” seminar.

An email purporting to come from the organization’s IT department urges employees to access a link and enter their username and password. If duped by the malicious website rigged to look like the Outlook Web App, an unwary employee would give their login credentials to the attackers. A screen capture of the email scam was obtained by Sky News.

The COVID-19 scare has prven lucrative for cybercriminals in recent weeks as healthcare institutions scramble to test patients, treat the infected and protect their own staff from the contagion. Healthcare infrastructures are highly susceptible to hacker attacks because of lax cybersecurity skills and safeguards.

With the COVID-19 pandemic in full swing, these weaknesses are becoming more obvious than ever. A Czech medical facility, the Brno University Hospital, was forced to cancel urgent surgery and divert patients to a nearby hospital as it dealt with a contagion itself – the ransomware kind. The Czech hospital was also one of the country’s largest COVID-19 testing labs.

As is always the case with phishing campaigns against targeted institutions, the scam is riddled with clues that give it away. These include typos, an overly urgent tone, and the threat that “disciplinary measure will be taken” if recipients don’t follow the instructions.

If any such urgent notices make it into your inbox, regardless of your profession or the latest trending news, contact your IT department on a separate channel, or just give them a call to make sure the notice came from them and not elsewhere.